Testimonials for Privacy Mode
Importance of a community for data privacy for India's technology ecosystem
Rohan Verma
At Zerodha, we collect logs and ingest them into our pretty-much standard out-of-the-box setup of ELK with some minor configuration for scaling up. Due to our regulatory obligations, we need to have specific retention policies for storing logs. These could include access logs as well as application logs which are usually ingested from various multiple instances of internal apps. We apply the masking to critically sensitive data, for example, application access tokens which can be potentially used to gain temporary unauthorized access to the systems.
Due to reasons such as regular audits by regulator-appointed system auditors, we are subject to storing logs without masking certain PII or user identifiers. This is needed to provide audit trails for the auditor to review as well as to handle and respond to user complaints, for example, to the exchanges. We, therefore, store data as per the regulations, but on the UI as well as at the application level we mask the data, for example, in our API responses, which are then displayed to the outside world.
We can validate that it’s a sensible choice to follow the guide shared by Ayush (Masking Sensitive Data Logs with Logstash). It is not that difficult to implement and it should be adopted as a best practice by other organizations as well.